10 Sep
2025
10 Sep
'25
9:07 p.m.
On Wed, Sep 10, 2025 at 04:36:59PM +0200, Christian Brauner wrote:
@@ -573,6 +588,7 @@ struct net *copy_net_ns(unsigned long flags,
if (rv < 0) { put_userns:
ns_free_inum(&net->ns);
I've ended up looking at this patch because of Jan's earlier comment about a different issue in this patch.
Aren't we double-freeing net->ns here if setup_net() failed?
setup_net() can call ops_undo_list() on failure, which will ns_free_inum(&net->ns) once, and then we do it again in the put_userns error handling label.
--
Thanks,
Sasha